| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| | | Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. | 9.8 | Critical |
| | | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007. | 9.8 | Critical |
| | | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | 6.5 | Medium |
| | | A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged. | 4.4 | Medium |
| | | A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | 4.9 | Medium |
| | | PuppetDB logging included potentially sensitive system information. | 4.3 | Medium |
| | | Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | 8.8 | High |
| | | A flaw was discovered in Puppet DB that results in an escalation of privileges, which allows the user to delete tables via an SQL query. | 8.8 | High |